5 matches found

CVE
added 2026/06/09 11:48 a.m., 20 views

CVE-2016-20065

CVE-2016-20065 concerns the WordPress plugin Product Catalog 8 1.2, which contains an SQL injection in the selectedCategory parameter. An unauthenticated attacker can POST to admin-ajax.php with the UpdateCategoryList action to run arbitrary SQL queries, enabling extraction of database informatio...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits: 0, References: 4
EUVD
added 2026/06/09 11:48 a.m., 8 views

EUVD-2016-10878

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits: 0, References: 4
Positive Technologies
added 2026/06/09 12:0 a.m., 15 views

PT-2026-47765

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits: 0, References: 5
CNNVD
added 2026/06/09 12:0 a.m., 12 views

WordPress plugin Product Catalog SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...

CVSS 8.8, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 1
WPVulnDB
added 2016/11/28 12:0 a.m., 11 views

Product Catalog 8 1.2 - Unauthenticated SQL Injection

$_POST 'selectedCategory' is not escaped. UpdateCategoryList is accessible for any user. PoC...

AI score 1.9
Exploits: 0, References: 2, Affected Software: 1